Secure credit/debit card authorization.



(57) This invention relates to methods for making a credit/debit card
purchase without revealing the card number to the vendor (3) of services
or goods. The card holder (1) is connected to a data base (5) and
provides the card number, plus holder identity verification, to the data
base. The data base then verifies whether the card holder is authorised
to incur the expense of the purchase, and, if so, provides an
authorisation indication or code to the vendor (3); the card number
cannot be derived from the authorisation information, thus helping to
preserve the secrecy of the card number.
Technical Field

This invention relates to a method for authorizing a credit/debit card
holder to purchase goods or services.

Problem 

In recent years, telephone ordering of merchandise has become an
increasingly common method of purchase. In a typical transaction, a
caller calls a store, indicates the merchandise that is to be bought,
provides his/her address for the delivery of the merchandise, and
provides a credit/debit card (CDC) number. The vendor verifies that the
CDC is valid and charges the purchase to that CDC. The vendor then sends
the merchandise to the customer. A problem of this method of operation
is that the customer must provide his/her CDC number to the vendor. This
tends to compromise the secrecy of the CDC number, which makes possible
the fraudulent use of such a number. The possibility of such fraudulent
use helps to keep the rates charged by credit card companies to the
vendors high, and limits teletransaction usage.

Solution 

In accordance with applicant's invention, an advance is made over the
methods of the prior art by connecting a customer desiring to order
merchandise to the data base of a CDC company or to its authorized agent
such as a common carrier. The caller then provides the CDC number to the
data base, which, after checking the authorization of the CDC number,
provides an authorization indication to a vendor. The vendor charges the
credit card company for the purchase using the authorization code.
Advantageously, the credit card number is only provided to the credit
card company or carrier, not to the vendor.

In accordance with one feature of the invention, identification methods
are used to identify the caller and only provide authorization for the
purchase (transaction) if the caller is the owner of the CDC. In one
specific embodiment of the invention, the caller is identified using
voice recognition. Alternatively, or in addition, a personal
identification number is used. Alternatively, or in addition, the caller
is identified using automatic number identification (ANI) which is
forwarded to the card company or agent as part of the caller
identification.

In accordance with one feature of the invention, the authorization
indication comprises an authorization code for tracking a purchase
transaction. The authorization code contains one or more fields. One
such field is used to identify the vendor and thereby simplify the
process of billing for the credit company. Another field provides the
name and/or address of the credit card holder to reduce the effort of
the vendor for obtaining this data. Another field specifies the dollar
limit of the amount of credit being authorized for this transaction.
Another field specifies a limit of the time for which such credit is
being allowed. Another field specifies the date and time of the
authorization.

Brief Description of the Drawing 

FIG. 1 is a block diagram illustrating the operation of applicant's
invention; and

FIG. 2 is a flow diagram of the steps of a method for implementing the
invention.

Detailed Description 

FIG. 1 is a block diagram of the operation of applicant's invention. A
purchaser at a calling station 1 is connected via a telecommunications
network 2, such as the public switched telephone network, to a
credit/debit card (CDC) data base 5. The calling station provides to the
data base 5 a CDC number, a personal identification number (PIN), and a
sample of the caller's voice. The sample is routed to caller
verification system 7 which is used to recognize the voice and to ensure
that the recognized voice corresponds to the specified credit/debit
card. The caller is then provided with new dial tone and calls the
vendor 3. The telephone number of the vendor is passed from network 2 to
CDC data base 5 using signaling network 4. The identity of the vendor is
the final piece of data required by the CDC data base to provide the
authorization code. This authorization code is passed from CDC data base
5 via signaling network 4 and network 3 to vendor 3. In one specific
implementation of applicant's invention, the authorization number is
provided over a D-channel of an integrated services digital network
(ISDN) link to the vendor. Alternatively, this information may be
provided using other signaling techniques such as dual tone
multifrequency (DTMF) signaling.

After the vendor has received the authorization code, the vendor is
connected to the calling station and receives verbal instructions from
the calling station. These verbal instructions, such as for merchandise
to be ordered, are associated with the received authorization number and
the vendor then transmits via network 2 and signaling network 4, the
authorization code plus merchandise and charge information to the CDC
data base 5 to charge the customer appropriately. The charge is valid
only if the authorization code and the vendor identification correspond
and any restrictions such as dollar limit and time limit are satisfied.
The CDC company 6 is connected via the network and optionally via a data
link to the CDC data base to allow the data base to be updated, for
example, when a credit card is found to have been lost.

The authorization may be simply a positive indication to the vendor, but
in the preferred embodiment, the authorization includes an authorization
code.

In accordance with one feature of the invention, the authorization
indication comprises an authorization code for tracking a purchase
transaction. The authorization code contains one or more fields. One
such field is used to identify the vendor and thereby simplify the
process of billing for the credit company. Another field provides the
name and/or address of the credit card holder to reduce the effort of
the vendor for obtaining this data. Another field specifies the dollar
limit of the amount of credit being authorized for this transaction.
Another field specifies a limit of the time for which such credit is
being allowed. Another field specifies the date and time of the
authorization.
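
The charge-validity rule and the authorization-code fields described above, as an added Python example that is not part of the patent text. The class and field names, the sample card number and PIN, the random 16-hex-digit code and the one-charge-per-code rule are assumptions made here.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Authorization:
    card_number: str    # kept only inside the data base, never sent to the vendor
    vendor_id: str      # vendor the code was issued for
    limit_cents: int    # dollar limit for this transaction
    issued_at: int      # date and time of the authorization (epoch seconds)
    valid_for: int      # time limit, in seconds
    used: bool = False  # assumption: one charge per code


class CdcDataBase:
    def __init__(self, pins):
        self._pins = dict(pins)  # card number -> PIN (constructed sample data)
        self._auths = {}         # authorization code -> Authorization

    def authorize(self, card_number, pin, vendor_id, limit_cents, valid_for, now):
        """Verify the holder, then return a code for the vendor (None if refused)."""
        stored = self._pins.get(card_number)
        if stored is None or not hmac.compare_digest(stored, pin):
            return None
        # Random code: nothing about the card number can be derived from it.
        code = secrets.token_hex(8)
        self._auths[code] = Authorization(
            card_number, vendor_id, limit_cents, now, valid_for)
        return code

    def charge(self, code, vendor_id, amount_cents, now):
        """Vendor presents code plus charge information; returns (ok, reason)."""
        auth = self._auths.get(code)
        if auth is None:
            return False, "unknown code"
        if auth.vendor_id != vendor_id:
            return False, "vendor mismatch"
        if auth.used:
            return False, "already charged"
        if now > auth.issued_at + auth.valid_for:
            return False, "time limit exceeded"
        if amount_cents > auth.limit_cents:
            return False, "dollar limit exceeded"
        auth.used = True
        return True, "charged"
```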

FIG. 2 is a flow diagram of steps performed to practice applicant's
invention. Initially, block 200, a CDC holder (CDCH) wants to make a
teletransaction. Block 201 and its succeeding blocks illustrate a method
wherein the CDCH initially calls the data base of a card company or its
agent. Block 203 illustrates that the card company requests the card
number, and a PIN or a voice sample, and validates the card and its
user; this request may not be necessary if the caller's telephone
station has been identified by an Automatic Number Identification (ANI)
number forwarded to the data base, and matching the recorded telephone
number for that CDC. The data base verifies the authorization of the CDC
holder to incur the expense and prepares an authorization code for
transmission to the vendor. If the CDCH is so authorized, the CDCH is
then given a new dial tone and calls the vendor (block 205). Block 207
indicates that the CDCH orders the products/services from the vendor who
has been automatically provided with the authorization code. Eventually,
the CDCH disconnects (block 209) and the vendor charges against the card
using the authorization code (block 211) if the transaction has been
authorized and the time and dollar values are not exceeded. This can be
performed either by the vendor filling out a credit ticket or by the
vendor providing information which is immediately sent back as a data
message to the CDC data base.

An alternate approach is illustrated in block 241 and its successors.
Here the CDCH calls the vendor directly (action block 241). The vendor
connects the CDCH to the card validator data base and the card
validation is performed in a transaction between the calling station 1
and CDC data base 5. The transfer of calling station 1 to CDC data base
5 is performed by setting up a connection between the CDCH and the data
base in such a way that it is impossible for the vendor to eavesdrop on
this connection. The card is validated by the card validator using the
card number, the PIN, and/or, if appropriate, voice recognition (action
block 243). The CDCH is then returned to the vendor who is provided with
an authorization code from the data base (action block 245). The CDCH
then orders the products and the service against the authorization code
received by the vendor (action block 247) and the CDCH eventually hangs
up (action block 249). The vendor charges against the CDC using the
authorization code (action block 251).

Note that in both of these scenarios the credit/debit card number is not
provided to the vendor who only receives the authorization code.

In another alternative arrangement, when a customer has selected his/her
merchandise or service, the customer is connected to the CDC data base
from a convenient station, possibly including a card reader, located in
the vendor's store. After the CDC number has been entered and the
transaction authorized, the authorization code is provided audibly or in
video or printed form for the vendor, at the convenient station or at an
associated terminal.

It is to be understood that the above description is only of one
preferred embodiment of the invention. Numerous other arrangements may
be devised by one skilled in the art without departing from the scope of
the invention. The invention is thus limited only as defined in the
accompanying claims.

Claims 

1. In a data base (5) for authorizing a credit/debit card (CDC)
expenditure, a method for authorizing a purchase of goods or services,
comprising:

responsive to receiving in said data base data (5) from a holder (1)
identifying a specific CDC, determining whether said CDC is authorized
to incur an expenditure; and

responsive to a determination that said CDC is authorised to incur said
expenditure, transmitting from said data base an authorization
indication to a vendor (3) of said goods or services, the identification
of said CDC not being derivable from said authorisation code;

wherein the identification of said CDC is not provided to said vendor.

2. A method as claimed in claim 1 wherein said authorization indication
comprises an authorisation code for tracking a purchase transaction.

3. A method as claimed in claim 2 wherein said authorisation code
comprises one or more of the following: a limit of allowed expenditure
for a transaction, an identification of said vendor, date and/or time
data, a time limitation for a transaction, the name of a holder of said
CDC, and an address of a holder of said CDC.

4. A method as claimed in claim 1, 2 or 3 wherein said data received in
said data base comprises data for verifying the identity of the user of
said CDC.




EP 0 590 861 A2 



5. A method as claimed in claim 4 wherein said data for verifying
comprises a personal identification number.

6. A method as claimed in claim 4 or 5 wherein said data for verifying
comprises an automatic number identification of a caller station
supplying said CDC identification.

7. A method as claimed in any preceding claim comprising the steps of:

establishing a voice connection to voice recognition means for
recognizing the identity of a caller; and

using output of said voice recognition means to identify a user of said
CDC.
FIG. 2 (flow diagram; block text recovered from the drawing)

200  CREDIT/DEBIT CARD HOLDER (CDCH) WANTS TO MAKE A TELEPHONE TRANSACTION

Branch beginning at block 201:

201  CDCH CALLS CARD COMPANY (OR ITS AGENT)
203  CARD COMPANY REQUESTS CARD #, PIN AND VALIDATES CARD
205  CDCH IS GIVEN NEW DIAL TONE AND CALLS VENDOR
207  CDCH ORDERS PRODUCT/SERVICES FROM VENDOR USING AUTHORIZATION CODE
     (NOT CARD #)
209  CDCH HANGS UP
211  VENDOR CHARGES ACCOUNT AGAINST CARD USING AUTHORIZATION CODE

Branch beginning at block 241:

241  CDCH CALLS VENDOR OF PRODUCT OR SERVICE
243  VENDOR CONNECTS CDCH TO CARD VALIDATOR AND CARD IS VALIDATED BY
     CARD VALIDATOR (CARD COMPANY, etc.)
245  CDCH IS RETURNED TO VENDOR WITH A VALIDATED CARD INDICATION
247  CDCH ORDERS PRODUCT/SERVICES FROM VENDOR USING AUTHORIZATION CODE
     (NOT CARD #)
249  CDCH HANGS UP
251  VENDOR CHARGES ACCOUNT AGAINST CARD USING AUTHORIZATION CODE